Jack Lloyd wrote: > On Fri, Aug 07, 2009 at 11:07:39AM -0400, Anthony Carrico wrote: >> As Sam pointed out earlier this year, it is time to update your OpenPGP >> keys. The community consensus is that now is the time to move to a >> stronger digest algorithm. > > FWIW, you can move to a stronger digest today without changing keys > over, using GnuPG's --edit-key followed with the appropriate setpref, > say > > setpref AES256 AES192 AES SHA512 SHA384 SHA256
Yes, that is part of it. Note that command does not exclude 3DES or SHA1, because they are required by RFC 4880. I think it was Sam who posted this link earlier: http://www.debian-administration.org/users/dkg/weblog/48 Feel free to follow it and skip ahead, but as far as I know, nobody actually followed the advice last time it was posted, since I haven't seen any new keys. My idea was to build some momentum with a bite sized approach. Also, I thought "Step 1..", "Step 2..", subject lines could break up and organize a potentially overwhelming thread. I think that is justified, since we already have a few messages here, with just "gpg --version". -- Anthony Carrico
signature.asc
Description: OpenPGP digital signature
